
apeir0 writes "The Register has a story which proposes an ulterior motive to Microsoft's new Palladium: a GPL-killer. 'It's the very fact that this appears insoluble to me that helps me realize that MS has put tremendous, careful thought into it. To make the commons Linux-hostile, MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.' Is this a valid point or just paranoia?" Ross Anderson has been writing about this recently; we covered his paper a few days ago, and he's now got a Palladium FAQ up. Another submitter sent in this interview with the Microsoft manager in charge of Palladium. The Washington Post has a column. Update: 06/27 22:43 GMT by T: Bob Cringely also has a column on Palladium up, in which he says that several of his fears have been realized by it.

Our business runs Linux. We have deprecated M$ and their products. We are fast. Our expenses went down hugely. Our services are reliable. We buy the best commodity components and build all our own machines. Life is good.

However I can't ignore this. It does worry me since most of my clients only know MS. It is very difficult to get your average joe user to break the MS habit, and some clients believe the FUD being spewed/parroted by media.

We can't ignore it; MS have a monopoly and they are going to leverage it to its fullest extent until it is (if ever) taken away.

I cheer on your use of Linux, but we are a minority, a well informed minority, but a minority nonetheless.

However I can't ignore this. It does worry me since most of my clients only know MS. It is very difficult to get your average joe user to break the MS habit, and some clients believe the FUD being spewed/parroted by media.

The parent post to which you replied should never have been marked Troll, and I will enjoy ripping the moderator responsible a new one on meta.

That having been said, I disagree with his suggestion that ignoring this problem is the answer, but not for the reasons you say (or at least, not entirely for those reasons). This must be fought tooth and nail, as we are being attacked from two sides:

1) Microsoft, trying to leverage their monopoly to impose further, very detrimental, restrictions on the freedom of customers to deploy the correct technologies for their solutions under the guise of DRM.

2) The entertainment industry, that is trying to legislate the very same restrictive technologies and require them in all digital hardware.

We would be absolute fools to ignore this.

Having said that, fewer and fewer people care about Microsoft's proprietary protocols. Even offices that deploy Microsoft on the desktop are, in my experience, deploying open protocols in place of Microsoft's wherever possible to avoid the sort of nonsensical moving target and deliberate breakage MS service packs often result in.

The result, interestingly enough, has been a quiet movement on the part of several businesses away from Microsoft not just on the server side, but also on the desktop... and in every case, it has been a very successful move.

This is why Microsoft is scared, this is why Microsoft is trying to implement coercive technologies that will remove the last vestiges of customer choice, and this is why their unholy alliance with Hollywood will likely succeed in creating a Revelations-esque dystopia if we sit on our hind ends and do nothing to prevent it.

Unfortunately we as Americans are so thoroughly conditioned to not become activists about any cause, no matter how much we care about it, that it is very possible we will do nothing about it in time.

BTW - As another person who works at a company that has completely deprecated Microsoft products and deployed GNU/Linux widely throughout our enterprise I can echo the original poster's comments (that were so unjustly marked as a Troll): Life as a non-Microsoft shop is damn good.

The funny part about this is that if Hollywood and Microsoft get what they want, they will be the ones whining in a couple of years that they aren't making enough money.

This is a disabling technology and DRM management laws would be disabling laws. Take a look at prohibition to see what would happen. Most people will begin using computers illegally, black market devices and software will be developed, economic calamity will eventually ensue due to the brakes being put on free commerce in many arenas, including Hollywood and Microsoft.

It will be one hell of an economic downturn. I also predict that all the financial pundits will not key on DRM laws being the cause, but they will be.

Which FUD are we talking about? This entire series has been a collection of FUD on both sides. In case you missed it, Slashdot is also doling out large quantities of:

FEAR: Of loss of privacy, of misuse by Microsoft, of loss of users' rights.

UNCERTAINTY: Of what's going to happen, period. Almost everything I've read so far is speculation.

DOUBT: Doubting Microsoft's intentions, doubting it will work. How much doubt do you want?

As a community, we've not only grown a huge distrust for Microsoft, we've grown a love for their methods. Not only do we happily wage wars with FUD, we seem (as I look through the moderated-up comments) to advocate licenses that prevent Palladium from working with "open hardware" (sorry, but that doesn't sound open to me, it sounds as exclusionary as Microsoft's standard tactics).

It's about time we returned to our core beliefs, before we lose them entirely and become what we claim to despise.

Which FUD are we talking about? This entire series has been a collection of FUD on both sides.

Which is amply demonstrated by the fact that this is the second time the story has been posted this week.

The Register article shows only that the reporter has no clue as to what Palladium is and what it can and cannot do.

No DRM solution is 100% secure; the issue is not eliminating piracy, it is raising the barrier sufficiently so that the content owners are confident enough to release material and for the level of piracy to be low enough that people can all make a buck.

Attempting to rig a DRM solution so that people could only run MSFT O/S would be (1) illegal and (2) very stupid since people would have a legitimate reason for bypassing the alleged DRM measures to run Linux.

If you run Linux you are not going to have a Palladium certified O/S and many content providers are not going to sell stuff to you. But that is exactly the current situation. Palladium is only going to mean that Windows users can get content that the owners will not release without strong(ish) DRM.

You make a great point -- you're right, we should watch what we do and say.

But this is just the initial stage of "freaking out." I, for one, never thought that anything short of an *obviously* oppressive gov't law could stop open source or the GPL.

But now that is changing. I'm worried. Here's why:

If the TCPA's ideas become law, and old applications are made incompatible, or more likely, obsoleted by new ones, people will be required to upgrade to new hardware/software to get much of anything done, as I see it. Upgrading is a source of revenue for corporations (e.g. MS); I think it's safe to say they would try for this if they could.

If this becomes standard and exclusive, there isn't a whole lot the OS community can do, especially if it is illegal, IMO.

The only thing to stop this is a huge outcry from the tech community and/or the education of government officials. Past that, the Joe Publics will have to become angry. And considering the Joe Publics I know, that isn't likely unless the idea of their computer being run remotely is spread around.

I think Joe Public can handle not stealing music. He might be used to it, but after all, by common definition, he is stealing it.

I think Joe Public won't mind the "extra security" if he thinks it's there. People aren't retarded, but often ignorant.

That is why I worry.

There is no way this could last forever. That would be retarded -- even congress has to learn about technology sometime. But what I can foresee in a possible future is a world where the companies have put their other foot in the door of our computers (and wallets). And it'll take a fight to get them out if they get that far.

To be honest, I'm scared. Fear, uncertainty and doubt are being spread because we (or at least some of us) believe in it. FUD from companies is typically BS with no thought behind it. This FUD is genuine fear, IMO.

Well, he said that they build their own machines, therefore they won't "buy a new pc". But when TCPA is in all motherboards/processors, all those machines (if the BIOS allows them to boot) will report they are not TCPA-compliant.

So even if they put a TCPA-compliant Linux on that hardware, because that hardware mix is not approved then they won't be able to use TCPA-restricted services. They won't be able to communicate with TCPA-locked clients and suppliers.

Even if they buy TCPA-compliant boxes with TCPA-crippled Linux, they will have to run only TCPA-approved applications. A TCPA-approved application can not trust data from a non-approved application (or else the app is at risk of being damaged/subverted by the data -- a buffer overflow or other attack can make an app do unapproved things). So they can't have TCPA apps read the output from custom programs, and can't create services for clients which involve their own unapproved software.

All of this matters how, exactly? If I can run a non-TCPA approved OS (even Windows XP) on the TCPA motherboard, so what? Isn't that the same as running a non-TCPA approved OS on a non-TCPA motherboard? I don't get it. So I can't use TCPA-restricted services or run TCPA-restricted software. Big whoop. I can't do that now!

TCPA will only matter if it reaches critical mass, but people (and corporations) will have little incentive to upgrade their hardware AND their software just to run Longhorn/Palladium unless they can't do something critical without it. In other words, the TCPA-restricted services and software will have to be required, and how will they ever become required if everyone must first upgrade their hardware AND OS AND applications?

I really doubt M$ can reach critical mass on this one. What's the "killer app" that drives everyone to TCPA/Palladium? Movies? -- Hollywood would have to stop releasing on DVD and switch over 100% to a TCPA-restricted medium first, and frankly at that point I'll just stop buying movies. Remember, society got along just fine from the 1900s to the early 1980s without owning/renting movies, and we got along just fine in the 1980s and most of the 1990s owning/renting them on VHS. I'd miss DVDs, but I won't replace my entertainment system if they stop selling them. Treating me like a thief isn't going to make me rush out and replace my TV, VCR, & DVD player with something that performs exactly the same (and refuses to play my old DVDs!). The RIAA and MPAA both think society can't get along without them, but they may be in for a rude awakening.

eBusiness? So far they haven't been able to entice everyone to pay bills or shop exclusively online, and forcing a complete system upgrade first isn't going to make it more attractive. Why business would rush to embrace this eludes me. My job is making in-house software for Fortune 500 companies, and they hate spending money on things like automated testing tools; they sure aren't going to like having to pay an outside company to certify their in-house software before their own computers will run it. Hell, who certifies the development copies so they can even be tested? Companies are not going to replace all their computers just so they can increase their software development costs.

Until we fully know what Palladium encompasses, why are we jumping to these hasty conclusions? This is no better than when people believed that Windows XP would deny you the ability to play your mp3s, or play them at a much lower quality, because they weren't 'certified'.

Until we fully know what Palladium encompasses, why are we jumping to these hasty conclusions?

Because we might be just a bit too late if we only start when this has become reality. The mere possibility that we could one day wake up to see that something like this has happened is too chilling to ignore.
Sure, chances are 99% of our conclusions and fears are way out there, but that does in no way remove the need for awareness of those fears to exist. If we wouldn't cry out each time something like this was proposed, we'd be giving a completely wrong signal, all but telling the industry that they can get away with doing such things...

He makes quite a valid run through his logic. It's not impossible, so I wouldn't call it simple paranoia. However I still don't think MS finds the GPL or Linux that much of a threat to its entire business. They're putting way too much effort into Palladium if it were only to make the GPL useless. It's really all about control, as a lot of people said in previous /. articles. It's somewhat about money, but at this point it's about growing an empire and making it even stronger.

This, I think, is a good point. The GPL had been around for how many years before Microsoft started its anti-GPL campaign? I remember working with GPL'd stuff back in 1989, a few years before the name Linux had even first been mentioned. Microsoft was already well-entrenched at this time, and I was playing with GPL'd software in DOS in those days; why didn't they see it as a threat then? It wasn't until Linux actually entered the fray of being a serious operating system that MS sat up and took notice. Yep. I think it's more about Linux than the GPL -- the GPL just happens to stand in their way of being able to control Linux, so they attack it that way.

I remember working with GPL'd stuff back in 1989, a few years before the name Linux had even first been mentioned... why didn't [Microsoft] see it as a threat then?

...

It wasn't until Linux actually entered the fray of being a serious operating system that MS sat up and took notice. Yep. I think it's more about Linux than the GPL -- the GPL just happens to stand in their way of being able to control Linux, so they attack it that way.

It's kind of like noting that the Internet was in (somewhat) widespread use well before 1996, so why didn't Microsoft pay attention if this Internet thing is such a big deal? It wasn't until the graphical web browser showed up that Microsoft paid attention. Therefore, it's not the Internet - it's the Web.

In some people's minds the two ARE the same thing. And while they really are separate entities, one depends greatly on the other for its success. And once the Internet with its more user-friendly flashy graphical Web front-end hit the scene... businesses, even those who had spent years running competing technology / practices, were forced to adopt it.

Linux and the GPL share many of the same traits. To the uninformed, the GPL and Linux are the same thing (if both aren't simply labelled 'freeware'). The GPL license and GNU project laid the foundation for Linux. Linux drove the popularity of the GPL. At first GPL/Linux went unnoticed by the IT industry. And then it sprung forward, caught momentum, and is now an issue most IT Industry players must tackle - including Microsoft.

The GPL and Linux provide a whole range of threats to Microsoft. Competing software. Competing standards. Demand for open standards. Loss of control over implementation of those standards. Loss of control over publicly available code, to include technology and code developed at Universities and through the US Government. Competitive advantages to competing businesses able to adopt a business model that can make use of this code base. It doesn't matter if it's specifically Linux or the GPL - it's all full of nasty potential for Microsoft.

Microsoft's strategy is pretty simple. Linux presents a unique threat - it can't be bought, out-marketed, or simply smothered. Linux is grassroots and now a part of a wide number of corporate strategies. It's an IT industry hydra and the time-tested strategy of lopping off a head won't work. So Microsoft has decided to go for the heart: the GPL. Which would be a nice and neat thing to do - poison the GPL and ALL the issues of Linux and the GPL begin to fade.

Look, let's not get our knickers in a knot. It may happen, but it's never going to be the only, or even a high-level verification method. Obviously not, it's embedded in hardware.

I would think that an identification code embedded in hardware is going to be cracked, and in short order. What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique identifier? And that he can't change that identifier without a new MOBO? Or that Microsoft is giving away his credit card number to anyone who can spoof his identity?

It's a common failing of software manufacturers to think that new hardware can solve problems that software cannot (cf. pretty much every dongle ever made). Just let MS run with the ball until they realise that the same thing can be done in software at a fraction of the cost.

In addition, I think it would die in Antitrust. Just wait until those computers start being returned, because they won't play nice with my operating system of choice, and watch Intel turn on a dime.

If I thought this was a good idea and I worked as head of this project, I would compensate for the points you're making. This plan is so large that they must have thought this through. I would get the manufacturing companies on my side, get the hardware and write the software, but only activate a small portion, probably just multimedia DRM. That could be used as the initial focus. If this were pulled off well and accepted, then I'd start to turn on everything else, like only running "authorized code" and such.

So if they want to get this adopted and in use - below the radar if possible - they have to do it very slowly. Get the stuff out there and then launch BigBrother.exe (or actually, bigbro~1.exe).

It's like the security scheme for credit cards though. If one person compromises Palladium on your computer, you need to change all your identifiers. Otherwise you have the problem of identifying falsely authorised code amongst the legitimately authorised code already there. Then you're exactly back to where we are now, running virus scanners and firewalls, except the user has forked out money for a security scheme which doesn't work.

All the manufacturers will be nodding their heads at MS while producing security free boards in the background. The market always follows what people want, and many consumers won't want to be tracked and stamped by MS.

The only problem I see with this argument is the legal aspect. All governments want more spying powers. This is especially true of the American government and their war on everything which is not in their economic interest. The organisations lobbying for DRM have a lot of money, and the inclination to use it to get their way; the RIAA & MPAA, Disney, Microsoft - these are the people making laws. Do you think that the government sees any merit in allowing teenagers to download and rip music instead of paying for it like the western economy requires? And do you think that anyone in government understands the technical merits or failings of a hardware-enforced, legally required DRM? Or that they care? In their eyes, there is only one way forward. Computers are not for entertainment - they are for making a few people a lot of money. The internet is there to connect those computers for the same purpose. DRM is coming, and if people don't like it, they will have to move fast because with AMD and Intel promising support, there isn't much stopping DRM legislation - apart from some teenagers and some commie-hippy protestor types. So get ready to wear the mark of the beast...

I would think that an identification code embedded in hardware is going to be cracked, and in short order. What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique identifier? And that he can't change that identifier without a new MOBO? Or that Microsoft is giving away his credit card number to anyone who can spoof his identity?

I'm not so sure. The identification code is embedded in the hardware, and there would be no way to read it. At best you can give it data and use it to encrypt/decrypt stuff for you. The only way this stuff can be attacked is if something can spoof this, and pretend to be the Windows OS. But the hardware in the BIOS and the motherboard are going to be doing their absolute best to stop that happening- the BIOS/hardware can run certificate checks on the program that is asking for the encryption and authenticate it that way.

The problem is that in doing this you are moving many of the traditional OS functions down into the BIOS/hardware, this will make it very complex to do right, but modern semiconductors can probably do this. It doesn't necessarily benefit Microsoft though- there's going to be plenty of forces in the world, particularly Europe that will preclude that, although domestically in America it may be different.

Sure, I agree that this makes it harder to break _all_ identifiers, but the point of the system is that you don't have to break all of them, just one, and then you have free rein through every system which trusts that person. It's like credit card fraud: fairly rare in actual fact, but devastating when it does happen, with the difference in this system that replacing your MOBO is considerably more inconvenient than replacing your credit card.

No big drama except for the person whose account is compromised. You now have the expense of replacing your MOBO, and I'm not thinking that MS is footing the bill for that as the bank does with your credit card. In addition it's not like you get a credit card bill for every program your CPU ran, or was run by other CPUs on your sayso, or every website accessed, so detecting a break in security would be more difficult than with a credit card. Potentially you may never know, or months may pass before you're sure you have to fork out another (insert price here) for new hardware. In addition you'll have to buy all new software, since your old stuff will think it's been pirated and shut down after calling the MS police.

I would think that an identification code embedded in hardware is going to be cracked, and in short order.

Hardware is enormously difficult to crack; look at the ASIC on DBS cards for example. Reverse engineering software is one thing, anyone with an afternoon and a hex editor can do that. Getting an electron microscope out and figuring out how the circuits work on an EEPROM substrate is an entirely different matter.

What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique identifier?

How about this: what happens to Charlie consumer when he wants to upgrade his system and move all of his software from one to another? You guessed it, he can't, it's tied to the first machine for good; fork up another say $2000+ dollars to upgrade all of your software.

Just let MS run with the ball

Isn't that what got us into this mess in the first place?

In addition, I think it would die in Antitrust. Just wait until those computers start being returned, because they won't play nice with my operating system of choice, and watch Intel turn on a dime.

Isn't that how it should be? Vote with your $$$: just don't buy one and it will die a horrible, horrible death. More importantly, inform as many people as you can about it.

Practically speaking, are there a lot of differences between a crack and reverse engineering the hardware? If someone writes a key generator and patches it into the OS, it still does the same job. Still, good point about having to move the software.

I wonder if this could be the straw which breaks the camel's back, and finally gets some legislation in place to regulate the rights of software licensees. For example, I would think that getting a free (or for the cost of the media) replacement of all programs when my HDD dies would not be an unreasonable thing to have written into law. I'm sure there must be plenty of others.

I would think that an identification code embedded in hardware is going to be cracked, and in short order.

Sure. Remind me, where do I download the software hack for Xbox?

Sorry, you're just plain wrong on this one. Trying to impose security on an insecure OS with a dongle is wildly optimistic. But tying the hardware and the OS together is - demonstrably - not. Modding an Xbox requires a hardware hack, and Microsoft aren't idiots; they'll learn from the Xbox vulnerabilities and make sure that Palladium is harder to crack, or they'll have got their para-legal team hopped up and ready to take down any mod suppliers the instant they appear (note that one Xbox mod chip supplier went under today).

I'm not saying it'll be impossible, but I am predicting that it'll be damn hard and will require more than just a soldering iron and a cavalier disregard for your warranty, the EULA and the DMCA.

As regarding it dying in antitrust... well, we've seen how fast the DoJ moves on these issues. As for returning computers, what's your basis for believing that by 2006 you'll be able to buy a generic naked system without a Microsoft OS installed? And if we're talking about individual components, what will the market be for people who want to install a non-Microsoft OS but who won't realise that a stock consumer Intel/AMD chip won't talk to it? 2%? 1%?

This is a big deal. It's the Son of SSSCA, dressed up in pro-consumer clothes. It's not mandatory, just de facto (i.e. zero difference in practical terms). The response to any legal challenge will be that if you really want to run a non-Microsoft OS, you can pay extra for "server" or "pro" versions of CPUs (and whatever other components have jumped on the bandwagon). Fine, but how long before the anti-piracy argument gets leveraged to push through either a consensual or compulsory scheme to license access to non-Palladium parts? Six months? Less?

We can argue this until the cows come home, but let's agree to compromise. If you're right, you can say "told you so". If I'm right, I can say... well, whatever Bill allows me to say. Fair enough?

The X Box Hacker Site [xboxhacker.com], of course. Really, I don't follow X Box hacking closely enough to know how far this has progressed, but it seems to me that a mod chip has been developed--in 9 months since the X Box was released, and its DRM was touted as 'unbreakable'. Give it another 9 months for more development.

In fairness, though, the link to the FAQ indicated that while external-to-the-processor DRM management solutions were feasible to break, the embedded-in-the-processor DRM solutions expected in rev 2 and later of Palladium would be not hackable by individuals, or even groups of individuals.

And as for your other point: This is a big deal. It's the Son of SSSCA--yes it is. This is a big deal--the death of Linux, and the end of Apple, unless Motorola gets on board, and quick. You may be able to run those OSes, but you will have ZERO interoperability with 95% of the market. Two things that I think might save us: public outcry against this like Intel's previous attempt to allow external reading of the processor's serial number. Also, since this plan really requires ubiquity of the OS, the absence of a monopoly OS will hamper or kill it. The Anti-Trust penalty may help here, or may not.

Call me crazy, but I think M$ just said that opening (some of) its source was the way to achieve trust.

Juarez: ... As a side note, we will publish the source code on that Trusted Operating Root. We will make sure that people have the opportunity to really go deep on that and kick the tires and know that what we're doing in there is what we say we are doing.

First of all, what they publish will be the interface to the hardware. The important stuff will still be hidden down in the hardware, or up in the application.

Secondly, the code will only work if it is signed by Microsoft. If you change a single bit the hardware will flag it as "untrusted" and lobotomize itself; as the MS-DRM-OS patent puts it, it will "renounce the trusted identity". Altered code will not work.

MPAA/RIAA will jump onboard and start offering locked content. Sales of the system will be driven by movies/audio only usable on "Palladium enabled" computers.

The system will be cracked, but it will require a student in a college lab scanning the data off of the hardware, or maybe someone in his garage hacking a new circuit into the motherboard. It will be the biggest hack-target in history. It won't last long.
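A toy model of the sealed-storage mechanism the thread keeps circling back to, added here as an illustration and not code from the original post, from Microsoft or from the TCPA: the hardware root holds a secret it never exports, derives keys only for vendor-signed code, and binds each key to the exact measurement of that code, so an image with one bit flipped, or the same image on a different machine, cannot unseal the data. Assumptions: an HMAC stands in for the vendor's public-key signature, the SHA-256 counter-mode cipher is a demo stand-in, and the secrets and "application image" are constructed values.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed demo secrets; a real platform keeps the root secret inside the hardware.
VENDOR_SIGNING_KEY = b"demo-vendor-signing-key"
PLATFORM_ROOT_SECRET = b"demo-platform-root-secret-0001"


def measure(code: bytes) -> bytes:
    """Measurement of a code image: SHA-256 over every byte, so one flipped bit changes it."""
    return hashlib.sha256(code).digest()


def vendor_sign(code: bytes) -> bytes:
    """Vendor approval of an image. Assumption: HMAC stands in for a public-key signature."""
    return hmac.new(VENDOR_SIGNING_KEY, measure(code), hashlib.sha256).digest()


class TrustedRoot:
    """Models the hardware root: it never exports its secret, only keys derived from it."""

    def __init__(self, root_secret: bytes) -> None:
        self._root_secret = root_secret

    def approved(self, code: bytes, signature: bytes) -> bool:
        """The root checks the vendor signature before doing anything for the code."""
        return hmac.compare_digest(vendor_sign(code), signature)

    def derive_key(self, code: bytes, signature: bytes) -> Optional[bytes]:
        """Key bound to (this platform, this exact image); None for unapproved code."""
        if not self.approved(code, signature):
            return None  # "renounce the trusted identity": unapproved code gets nothing
        # The key depends on the root secret AND the measurement, so a patched image
        # or another machine derives a different key and cannot unseal old data.
        return hmac.new(self._root_secret, b"seal|" + measure(code), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (toy cipher for the demo only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the tag does not verify under this key."""
    if len(blob) < 16 + 32:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def flip_one_bit(code: bytes, index: int = 0) -> bytes:
    """Change a single bit of the image, as patching the binary would."""
    patched = bytearray(code)
    patched[index] ^= 0x01
    return bytes(patched)


def demo() -> Dict[str, bool]:
    """Run the three cases the thread argues about and report what each platform can unseal."""
    root = TrustedRoot(PLATFORM_ROOT_SECRET)
    other_root = TrustedRoot(b"demo-other-platform-root-secret")  # a second machine
    code = b"approved application image v1.0"  # constructed stand-in for a binary
    signature = vendor_sign(code)
    secret = b"licence key sealed to this machine"

    key = root.derive_key(code, signature)
    blob = seal(key, secret)
    other_key = other_root.derive_key(code, signature)  # same signed image, other hardware
    return {
        "approved_unseals": unseal(key, blob) == secret,
        "patched_code_gets_key": root.derive_key(flip_one_bit(code), signature) is not None,
        "other_platform_unseals": unseal(other_key, blob) is not None,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```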

I can see this kind of technology being abused to the 1,000th degree. Imagine software that would automatically use your previous usage data to force you to buy individual features that you use the most, the next time your annual subscription fee comes around? Or deleting all your home movies because they didn't carry a copyright tag, and thus could be illegal? Or finding the cops at your door because little Timmy downloaded his favorite song on MP3 or Ogg?

It seems that we, the mass public, are expected to give up the idea that when we buy something, it's ours. Now that even seems to include our hardware, not just our software.

> For example, some mobile phone vendors use challenge-response
> authentication to check that the phone battery is a genuine part
> rather than a clone - in which case, the phone will refuse to recharge
> it, and may even drain it as quickly as possible. Some
> printers authenticate their toner cartridges electronically;
> if you use a cheap substitute, the printer silently downgrades
> from 1200 dpi to 300 dpi.

I wonder if there's a list of printers and/or phones that perform in such a manner. I'm not sure if the law would deem such behavior as "anti-competitive", but I as a customer certainly find it so, as well as offensive.

I have an Olympus C2000Z with a panorama feature, which can only be accessed if I insert a Smartmedia card from Olympus with this feature enabled.

I recently purchased a new smartmedia card of 128MB from a white brand, and the feature is unavailable with this card. It *may* have to do with vendor lock-in, but it may also be that those Smartmedia cards have a special (read: more expensive) feature of providing more temporary storage or something.

The Olympus cards are special, all right. In price, that is, but not in technology. If you overwrite the header on generic smartmedia with an Olympus header, your camera will enable the panoramic feature. See this page [geocities.com], for example.

I think that would depend on the engineering that went into the battery or the cartridge. You can always add some "features" to the consumable and take a patent out on it. You then license the consumable to different manufacturers.

In cases where the manufacturer holds a virtual monopoly over a widely used device, it would be expected that the consumer get a choice in buying spare parts. This was done to General Motors in the 1960's. At that time, GM held a HUGE market share, yet refused to allow anyone to manufacture spare auto parts (they owned or controlled all of their suppliers). That monopoly was broken up.

All kinds of various manufacturers are being more and more hostile to 3rd party products. No longer are consumer goods made for the good of the consumer. Mega advertising and money grubbing companies scramble for larger and larger slices of the economic pie. While at the same time those companies try and lock down their respective business models. It's a vicious cycle. It's capitalism run amok.

My thought is one of these companies will overstep the bounds and get sued. Oh wait... Microsoft already did and they are buying their freedom. God I feel good about America right now.

The notion of hard-wired authentication rings alarms for conspiracists who sense a plot by which Microsoft might exert even more control over what kind of software could run on future computers. The Redmond behemoth dismisses such talk as silly.

Apparently the US government does not think it's silly. Nor did the judge in the case who ruled against them.

Whilst Microsoft does not produce the most robust software in the world, they have repeatedly proven that they are masters of strategy and marketing. Getting into games consoles, PVRs and just about every other major electronic device that you use is just a prerequisite to being able to make this successful. Palladium is something to be feared.

They have failed, miserably, in the PVR market. They have failed, miserably, in the game console market... twice (WinCE in the Dreamcast, Xbox). They have failed, miserably, in the personal accounting market (Intuit has repeatedly cleaned their clocks). Their entrance into the handheld market has been anything BUT a runaway success, though they leveraged confusion at Palm to grab a nice chunk of the market.

They have 4 major successes. They took the OS monopoly granted them by IBM (as a result of IBM facing an antitrust suit) and built a successful empire. They leveraged internal knowledge of "Chicago," (Windows 4.0/95) to get Office 95 on release and establish a near monopoly on desktop office suites. They leveraged their OS and finances to establish a near monopoly of Internet web browsers. They also used financial muscle to clip Borland off at the knees and establish a near monopoly in development software.

However, in the cases of their successes, they really leveraged a critical mistake by their competition. Even NT Server's rise was a combination of marketing and boneheaded moves by Novell. Novell has let everyone believe that they are dead, so NT ate a lot of their market. Linux is now a huge portion of the market.

I really don't understand why everyone believes that Microsoft is invincible. Look at how WordPerfect, Netscape, and Novell dropped the ball. Also look at how Apple dropped the ball.

Microsoft is great at release early and release often. They put out near beta code quickly to establish a beachhead. They then keep running at you, hard. Fail to innovate (Netscape and Real) and they will clobber you. Keep running ahead, and you can be the Intuit of the world.

Microsoft has a LOT of failures. MS SQL Server has NOT defeated Oracle and DB2 for the Enterprise "mass" market of databases. MS SQL Server gets most of its success from MS Shops that web deploy apps with VBScript ASPs. Low end web publishing uses MySQL+PHP, while the higher end does Java+JSP+Oracle. Those of us in the technically complex world without the heavy Enterprise backing do either PHP (or Perl) with PostgreSQL in the Unix camp OR ASP with MS SQL in the NT camp.

MSN has never defeated AOL, despite its early predictions (and 7 years of being pushed in MS's monopoly OSes). You're insane if you think that Xbox is competitive with the PS2 or Game Boy Advance. It has been running even with Nintendo's Gamecube in 1 of the 3 major markets (trounced in two others) while Nintendo hasn't released a major title yet.

UltimateTV was a total flop. There are lots of failures, not just Microsoft Bob.

I can add at least one more reason this darn Palladium thingie won't work (for the previous reasons I mentioned, see the previous discussion on Palladium):

Economics & the rule of profit.

Think about it for a second: a lot of people, though not the [MP|RI]AA, are going to be royally pissed off about this.

Therefore, they will be tempted to do something about it. So, we'll see one of these solutions:

Clever hacks, designed to completely fool the Palladium/DRM solution into thinking some software/hardware combination is legit and acceptable. This is highly possible, given the fact that no security is foolproof, and the abysmal track record of Microsoft in security and stability.

The appearance of "GNU Hardware": open designs, based on a strict "No Palladium" clause, along with an explosion of small, customized hardware shops based on these designs. For instance: small computers, based on accepted -- and fairly open -- industry standards such as IDE, PCI, USB and ARM processors.

The fact that somebody, somewhere is bound to remark that this whole Palladium thingie hurt sales, profits and image. When enough PC builders realize their mistakes, they'll backtrack faster than you can say "GNU/Linux kernel" back to non-DRM, non-Palladium (non-MS?) machines.

All of the above!!

Finally, I think the US.gov could go along with this hare-brained scheme, but do you think the EU will? And what about most third-world countries who, even as we speak, are flocking to open-source solutions in droves?

Again: I believe M$ is just testing the waters here. It's probably either a marketing test balloon or vaporware, designed to please the US government in these post-9/11 times.

Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.

Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.

This, IMHO, is why it won't succeed, for the same reason cartels designed to artificially restrict supply sooner or later all fall apart. Initially, people might go for it. Then an economic disadvantage is passed on to consumers - designing this, after all, isn't free, and developers who can't or won't pay the fees required to have their code "Certified" will be unable to develop for that market - and consumers of Palladium PCs will be unable to use their wares.

This will result in an incentive for a manufacturer of CPUs or motherboards to produce a non-Palladium product. People will move to those platforms for a variety of reasons, producing an incentive to produce non-Palladium products, springing up a non-MS-taxed industry. It probably would motivate a lot of busy people like me to start working on GPL products to fight against the mark of the beast. Sooner or later though, a hardware manufacturer will spring up to produce hardware to meet the demand. That's inevitable.

This, frankly, sickens me to think about. I'll become physically ill if Apple announces they're going to soil their OS X and Powerbooks with this platform.

This, IMHO, is why it won't succeed, for the same reason cartels designed to artificially restrict supply sooner or later all fall apart.

Cartels like the diamond industry? That one has been going strong for ages! Cartels like OPEC? It may not have the strength it used to, but it still has a tremendous amount of control over oil pricing. I hope you're right on this one, but it's not a given.

Cartels like the diamond industry? That one has been going strong for ages! Cartels like OPEC?

Absolutely right.

Then, let's not forget cartels like the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA), who have successfully lobbied for and purchased legislation to enshrine their oligarchy into US law.

These are the very people who are pushing for this sort of nonsense, and a software monopoly as a result would be fine with them (indeed, perhaps even preferable to a free market, since it is only one point of pressure/influence they would require).

We are absolutely kidding ourselves if we do not think this is a serious threat to Free Software, the GPL, and our very freedom as human beings.

I look at this problem as a question of stable/unstable systems - think the physical world:

- A ball at the top of a hill is an unstable system - any disturbance will make the ball roll down the hill. To keep the ball on the top of the hill for a long period of time, one needs to frequently provide energy so that the ball stays/goes back to the top of the hill.
- A ball at the bottom of a valley is a stable system - the ball will only get out from the valley in case of a major disturbance. For small disturbances the system is self-correcting - the ball tends to roll back to the bottom of the valley.

So - social systems can also be stable or unstable. An example:
- A bunch of kids left alone in a room with a pile of candy. They are told by a grownup that if they get the candy something bad will happen, and then the grownup leaves. Now, one kid gets the nerve and goes and gets a candy. Nothing happens. Then another one. Still nothing. Then another and another and another. This is an unstable social system - the candy won't last long.

Back to our problem (finally). I believe this is an unstable system. My reasoning is as follows:

a) From the side of hardware manufacturers:
- Any hardware DRM implementation will be more costly than a non-DRM implementation. At the very least, more space will be needed in the CPU, which means a bigger die, which means a more expensive CPU (the bigger the die the more likely it is it has some failures, meaning fewer working chips per wafer, meaning more money per chip).
- Initially the majority of the software out there will not require Palladium/DRM. Only new programs might require that.
- Thus (at least in the beginning), machines without Palladium support will be both cheaper and suitable for the biggest majority of software/consumers (thus having a competitive advantage). This makes it very tempting for hardware manufacturers to NOT produce Palladium-compatible machines.

b) From the side of software producers:
- A Palladium/DRM license costs money. Implementing software which requires Palladium/DRM is thus more expensive than non-Palladium-compliant software.
- Similarly to the hardware side - in the beginning, the majority of machines will not have Palladium support. In order to reach a sizeable portion of the market, the software must thus support non-Palladium-compliant hardware.
- Thus software producers that want to reach the biggest portion of the market will either produce non-Palladium-compliant software or software that will work in non-Palladium-compliant machines.

Putting it all together:
a) Hardware manufacturers will have a competitive advantage in manufacturing non-Palladium-compliant machines (cheaper and work with almost all software).
b) Software producers will have a competitive advantage in producing software that works with non-Palladium-compliant machines (the majority of the market) or even non-Palladium-compliant software (which has the additional advantage of not requiring a Palladium license).

As I see it, the current situation is a stable situation. A great deal of energy (read money) must be spent in order to change the status quo. Software developers need to be convinced (as in paid) to do Palladium-only software while hardware manufacturers have to be convinced (again paid) to develop Palladium-compliant machines. The temptation for software producers or hardware manufacturers to put out products that do not require Palladium will be huge given that anyone that does so will have a competitive advantage (which will translate to more market share) in relation to the ones that remain Palladium-only compliant. As soon as one company leaves the pack and starts increasing their market share others will have to leave too in order to stay competitive.

The only way to avoid this would be if all consumers would at the same time change all their machines and software to be Palladium-compliant. In a Palladium-only world there is no market for non-Palladium machines or software.

The appearance of "GNU Hardware": open designs, based on a strict "No Palladium" clause, along with an explosion of small, customized hardware shops based on these designs.

That might have worked in the 1970s or even 80s, when chipmaking systems had "reasonable" prices (say in the 50 million USD range), there were many companies making chips, and there was competition among microprocessors.

Today, chipmaking systems cost in the billions of USD. No one is going to start a garage shop to fabricate these things - they will have to come from established (read: large) manufacturers. Large companies are very susceptible to government pressure: "no DRM instructions in your new CPU? I guess we will have to cancel that big secret contract with the NSA, and also sic the SEC on your financial statements."

Similarly on the CPU side: Intel and AMD are really the only games in town now. Any new systems would have to "play ball" with one of those two. And again, as large organizations (in Intel's case with large US Government contracts) they will fall into line if pushed.

Sorry, I have to disagree here: RISC chips could be the perfect answer to that problem.

One of the most successful chipmakers of all time is ARM. The first version of the ARM chip (a 16-bit RISC chip) was created by just two people, with no money, no help and no support from the main company (Acorn, at the time). If I remember well, these two people did not even have a lot of experience in chip design.

The great-grandchildren of this chip can now be found in millions of devices all over the world. iPaq, Nokia, HP, you name it: they all use it (even Palm, in its latest models).

Even when ARM1 came out, it was touted as more powerful than anything Intel had to offer at the time. It was also easier and cheaper to produce and consumed less power than all other CPU models.

And there are ARM clones out there, including one on Open Cores.org [opencores.org]. Not that I think that designing an ARM clone is necessarily good, just that designing a cheap RISC CPU can be done.

So, designing a complete "GNU Hardware" system is possible, and it could even be a way of ditching the mess which is the PC architecture.

Think about it:

No Palladium, no DRM, no Micro$oft. Ever.

A new, open architecture, open CPU core, based on open standards and free for everyone to take, copy and reproduce.

Your choice of operating system: Linux, NetBSD, OpenBSD, you name it. Plus, a huge amount of quality software that will stay free for ever, thanks to the GPL.

Can't produce it in the US? Ask European firms! No luck? Try Taiwan, or China, or Korea or whatever.

Let's face it: some people (including me) would pay good money for a "no-Palladium" system. Especially if I have no choice!

Operating systems such as Linux are a commodity -- but a commodity that breaks the M$ monopoly. I think it's time for the hardware itself to become a "free speech" commodity as well. And Palladium could push the Open Source community to do just that...

# Clever hacks, designed to completely fool the Palladium/DRM solution into thinking some software/hardware combination is legit and acceptable. This is highly possible,

Palladium is based on the patented Xbox method. The hack for that requires an expensive mod chip, a soldering iron, and a willingness to break your warranty and (arguably) the law in the form of the DMCA. That's pretty darn good security in practical terms, and it'll be better by 2006. This isn't some afterthought dongle, this is Palladium hardware that will only talk to the Palladium OS, and vice versa.

# The appearance of "GNU Hardware": open designs, based on a strict "No Palladium" clause, along with an explosion of small, customized hardware shops based on these designs

Bzzzt, wrong. Not enough market, and this won't open a niche, because Intel and AMD will sell expensive "server" versions that will run non-Palladium OSes (then expect to see sales licensed to "crack down on piracy"). But surely (I suspect you'll say) people will realise that it's better to support a cheaper and technically superior solution over a bloated expensive incumbent. Uh, right. Nobody ever got sacked for buying IBM, goes the adage. Remind me, how is Transmeta doing these days? Still burning up the venture capital, right? OK, we can go to PPC, but that sinks one of the great strengths of Linux/BSD, that you can install it side by side with Redmond on your Intel/AMD system and see if you like it.

I think the US.gov could go along with this hare-brained scheme, but do you think the EU will?

Er, yes. Or rather, I think that EU politicians will let it in, and then the EU courts will have to deal with it after the fact. You know, the way it always works. Third world? What's the interest in the third world? It's to increase the potential market. OK, but companies know that it's more expensive to recruit than to retain. It's way more efficient to lock in your high value customers than to spend money to try and persuade low value customers to join in. And once you're infected by Palladium, they've got you. You're never getting out. They don't have to win everywhere at once with this, they just need to start the ball rolling.

Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.

Spurious assertion. First off, by 2006 Microsoft plan to have everyone - corporate and residential - on software-as-a-service plans, with automatic updates. And they'll simply stop offering anything other than Palladium. Then look at it from the point of view of risks and penalties. What's the cost of not signing up? It's guaranteed exclusion from the Palladium network. Initially, that means Microsoft, which means (depending how they want to play it) patches, fixes, MSN, MSDN, Microsoft Messenger, Hotmail, Passport, you name it. Then if just one of your big customers or partners switches, you have to switch, or lose them. I agree that it'll be hard for Microsoft to get the ball rolling on this, but when it starts, my god will it pick up momentum.

Maybe I'm being Chicken Little. Maybe you're being Pollyanna. But the costs of me being right are a heck of a lot higher than the cost of you being right. I say we scream about this, and we scream about it now, before it has a chance to gather momentum.

The Palladium system will not rely on a single security system. It will use a variety of techniques for securing access - hardware and software. This not only increases the security aspect but allows vendors and content creators to choose from a list of what they want to use.

I think MS has learned that their reputation precedes them in the content creation industry and will do what it takes to gain that trust.

Palladium if it ever actually comes to pass is probably the biggest and most profitable enterprise Microsoft could ever possibly have imagined. Why? Secure software running on a secure platform. But what steps do you take to make this idea a reality?

A trusted hardware base. All hardware must meet certain operational standards that are set out by a central organization. For hardware to be "compatible" it must live up to the minimum of these standards. Similar to government regulated health and safety standards on all current hardware, but in this case software regulated. While this might not appear in Palladium version 1.00 it will definitely feature in its future, as all the big media companies want hardware copy protection.

All software needs to be certified by the above central organization. It wouldn't be out of the question for Microsoft to create an "external sub-company" to administer this side of the business and not seem like it's trying to be a monopoly. This new company would deal with Sun, Linux, Oracle, etc, in the same way it would deal with Microsoft. Why this might happen I'll explain later.

How will this software be certified? If a software company just uses any old computer language to create a binary, what will get certified, the source code or the binary? This is an important question: how do you check that the software that's certified has no backdoors? Backdoors are the single biggest problem within a closed "secure" system.

Here is what I think Microsoft is making a play for:

The answer is a trusted programming language, a.k.a. the .NET framework, Microsoft's new byte-code compilers (looks like Java might just have missed the boat). With a trusted compiler creating trusted byte-code running on a trusted computer, it now becomes possible to create different levels of certificates for different levels of access to computer hardware and personal data. In this way Microsoft will have completed their "final software solution".

Microsoft is predominantly still a software-based company. While the IBM PC compatible hardware is Microsoft's stronghold, it's not the only hardware option. To a large extent Microsoft has won the desktop market. The only way they will lose it is if there's a change in the Client/Server (Desktop/Internet) relationship. Microsoft saw with Java how this relationship could change and Windows could become no more than a footstool for Java applications. If Java had become the programming language of choice for creating Desktop/Internet applications, Windows would have become a very easily removed part of the equation. Enter all the dreams of the Net-PCs, a slimmed down computer running cheap to free operating systems with a Java run-time on top. Here's the twist. Microsoft liked the idea and with its power in the desktop arena knew it could succeed where Sun failed. Microsoft Windows might not be the flagship of Microsoft for much longer, as Palladium could become the software platform of the future. Two reasons why I think this: 1) They could create a more "open" version of Windows knowing this would help them in their antitrust cases, but really knowing that all software by default will have to run under Palladium anyway. 2) Palladium will be run on all trusted hardware footprints (PC, Apple, etc). But Microsoft will use its power over the desktop market to implement Palladium through Windows. Once it has been accepted as the standard that Microsoft believes it will be, demand from users of other hardware platforms to support Palladium will create the need for all client operating systems / hardware to support an implementation, and because it's all based on .NET byte-code this will not be a problem.

With this move Windows steps back, becoming primarily a desktop-only environment running Palladium for all important tasks. Windows users will still be able to play all their games and fun applications, which might not be trusted, but Internet access and important data can only be accessed through Palladium. Windows would sandbox trusted and untrusted software apart. So at an operating system kernel level trusted and untrusted software runs differently. Plus, with Microsoft changing its file system from FAT/NTFS to a database system, untrusted software wouldn't be able to get access to this partition, both at hardware and software levels.

Now the "external sub-company" suggested above would be used as follows: This company would be "external" from Microsoft, and Microsoft would sell its MS-Palladium investment to said new company, which just happens to have Bill Gates as its CEO and many other big shots involved. This new company (which for ease of reference will be called "New$oft") will now be responsible for managing all the NS-Palladium implementation with all hardware / software companies. This implementation will require backroom access to all operating systems' source code, to double check that there are no loopholes in the security of an implementation. Companies like Sun and Apple to an extent will have to allow Newsoft access to their primary intellectual property. Newsoft will check that the operating system cannot do any damage to the secure Palladium.NET network. As for Linux, Newsoft will create its own GPL distribution and modified kernel, which it obviously has control over. This is all perfectly legal as Newsoft gives away all the source code for NS-Linux free. But when purchasing NS-Linux a license fee is paid for the NS-Palladium subsystem. All Linux updates will have to come through Newsoft before becoming part of NS-Linux. This will hijack Linux, removing control of the kernel from Mr. T to Newsoft. Linux will still be as popular as ever but the distribution of choice will be Newsoft's because of market compatibility pressures.

Now to the final piece of the puzzle. Palladium will control access to different data and software features through certificates. Companies creating software that will run on Palladium.Net will have to get certified for developing different types of software. Meaning, not only will the source code be certified, the companies that create the code will also have to be certified if they want their application to have access to certain user data. This way only trusted companies will be allowed on the trusted Palladium.Net network. But the only way to create the byte-code is by using Microsoft's Studio.Net tools. The byte-code that is created will have to adhere to standards that can easily be parsed for backdoors or loopholes. This way the certification of the binary becomes a simple automated matter of checking the company's certificate permissions against what the binary byte-code is programmed to do. If the binary byte-code operates within the limits of the company's certificate we have a trusted program. This could even be applied to things like Palladium-Word macros, Palladium-emails to stop spam; the list of possibilities is endless.

So to recap. All computer hardware is updated to have a Palladium microchip. The operating system has been updated to run Palladium's run-time byte-code. All software and software companies have been certified by Newsoft to be trusted. Linux is just another pawn in Newsoft's game of secure chess. Call this farfetched if you wish, but in Bill Gates' wallet beside the picture of his children is a copy of this plan which he looks at daily, and smiles :)

As for M$ having won the desktop battle. There are 50 million machines owned by people who WANTED to buy them rather than the 250 million machines bought by people who weren't using them, looking for the >st ROI and st cost.

Linux is gaining %-age in the flat desktop market and that's coming out of M$s %-age.

The web server market is definitely not IIS.

There's 25,000,000 Mac users out there and they bought their machines because they wanted it.

There's 25,000,000 Linux users out there and they bought their machines because they wanted it.

There's 250,000,000 M$ users out there and the machine was bought by the company they work for because it was cheaper, not easier to use or better.

Palladium (a toxic metal and a mythical calamity ending in the sack of Troy) is based on trust.

Given the hunk of Swiss cheese that M$ has created and shilled all these years, would YOU trust them?

In Windows you want to read a file whose access is denied to only a limited group of people; even having administrative access doesn't allow that. You must take ownership of the file, and generally admins are not given that privilege.

In the non-trusted Unix world, root can do anything anytime. It has a lot to do with network security because any sysadmin or anyone with access to a sysadmin has the ability to usurp the security model and do whatever they wish.

I really don't know Windows very well, but I'm sure there is one account (superadmin??) that can change these privileges. Which is basically root.

I find it amazing how folk can start a sentence 'I don't know anything about this' and then go on to pontificate. Examples of this behavior include practically every Senator's reaction to the pledge of allegiance ruling (I haven't read the ruling but I'll make a dumb-ass statement to protect my base) and 50% of the posts on Slashdot by Linux people on WNT.

Under WNT you can set the O/S up with very strong file access permissions. It is not unusual to configure a WNT machine so that administrators don't have access to users' files, and if you read the manual you can set the system up so that nobody has system privilege, administrators who can mod user accounts cannot modify the system log, etc.

With W2K and later you can turn on the encrypting file system. By default the administrator still has the ability to recover files via the recovery root. But you can export that to a floppy disk and put it in a safe. You can also integrate more powerful Key Recovery systems from third party vendors that enforce dual control over recovery.

UNIX was not designed to be a secure O/S. The security it does support is a subset of the security mechanisms of MULTICS. The design observation made at the time being that the machines of the day (early PDPs) could not support a complex security model.

It is unfortunate that so many people mistake age for security. By the time VM-UNIX was developed the VAX 11/750 VMUNIX was developed on was capable of supporting a sophisticated security model as VMS proved. But like so many UNIX design features what had originally been a shortcut had been elevated to the status of dogma.

So how precisely are we supposed to know, across a network, that the signals you are receiving come from a chip or come from a piece of software emulating a chip?

And how do you patch hardware when you find, 6 months in, that there is a flaw? This is a giant step backward in technology, designed to make people go out and buy yet more useless crap for their computers.

1. The PKI spec and reference implementation is public.
2. PKI chips are manufactured by multiple 3rd parties.
3. The validation to get your keys will be done by trusted third parties.
4. Nothing changes. In the beginning, things might be easier for those running Windows.

The world is not dumb enough anymore to be fooled by MS; it does not have ultimate control anymore. They are under pressure from many directions in which an OS is used (mobile terminals, embedded devices, consoles, desktop computers, servers) - all of these have multiple serious contenders now with differing interests. No one is strong enough to kill everyone else.

I think the market is silently going to take care of this. Would you rather buy an intentionally crippled product, or an 'open' competing product? Yeah, they might make those illegal in the US, but the rest of the world won't follow, so there will always be a steady supply of 'open' hardware (which will probably be cheaper, too). After which the American industry will scream bloody murder because of the unfair competitive advantage of foreign corporations using all this open stuff. Then they will buy some senators to overturn this initiative, and all will be well...

the rest of the world won't follow, so there will always be a steady supply of 'open' hardware (which will probably be cheaper, too). After which the American industry will scream bloody murder because of the unfair competitive advantage of foreign corporations using all this open stuff.

This will not result in the removal of the crippled products, it will result in tariffs on the imports. The open hardware may be available, but it will be available only via the black market.

This will not result in the removal of the crippled products, it will result in tariffs on the imports. The open hardware may be available, but it will be available only via the black market.

Which would then lead to counter-tariffs, and a full scale trade war. Would the US government want to risk that just to please the RIAA and Microsoft? I think the farmers, the steel workers and the car industry would go nuts!

"I think the market is silently going to take care of this. Would you rather buy an intentionally crippled product, or an 'open' competing product? "

They're going to let you switch it off. However, if you switch it off, you won't be able to generate or use "trusted" content, and if 80% of people do not accept your "untrusted" content (with a little help from some cunningly-worded MS error messages), you're up shit creek (to use a common engineering term).

The carrot will be Hollywood DRM content, and the stick will be in creating the perception that MP3s, Oggs and Linux are in some way "untrusted".

The FAQ is a good effort which I appreciated a lot, but if I show it to my less-techie friends, they won't want (or be able) to read and understand all of it.
Anyone know where one could encounter a well written introduction to the problem, and a summary of the main points in the FAQ? This would be good for people who are not technically oriented, but still use computers for various tasks. Those are the ones that must know about the implications of Palladium, to be able to protest against it with their wallets...

I'd write one myself if I possessed the insight and eloquence, but I suspect that many others could do a far better job than I.

Have we been sleeping, or is this the same Microsoft that has forbidden linking to GPL code by EULA and has wasted so much money and time attacking the GPL? Anyone who has so much as owned a computer with any non M$ software on it in the last ten years knows that M$ is hostile to all other software writers, including their own Studio trained writers, VB etc.

Even if it is expensive to crack the Fritz, someone will do it and then turn themselves into a fountain for copyrighted content.

They'll rip the latest Hollywood blockbusters and Britney Spears' album and put it on something like FreeNet [freenetproject.org] and everybody will take to downloading it and more importantly, we'll all feel really good doing it.

Ditto running something like Microsoft Word. Once it gets hacked so that it is Palladium-neutered it can be transmitted to everybody in a flash and we all get to run it and feel good about doing so.

Another brilliant strategy by Microsoft to discourage me from buying any products or hardware from them or their partners. Way to go, such a strategy. More neanderthal thinking to bolt some awful junk into a system and make it less flexible (and ultimately more vulnerable) and probably be further used as a method to encourage me to upgrade hardware more often..

"Here's a latest version, buy it!"

"Oops we left out a feather which will be in the next release for your buying pleasure."

"The bug which has been reported was very dangerous and those who reported it should be tried as terrorists, by the way, the fix will be out in 2 months only costs $$$ to have an authorized technician take care of."

"Completely new design, as we Listen to You, expect it as soon as our current anti-trust trial is resolved."

"Bill Gates and Hillary Rosen deny tryst even as users find all CDs placed within 10 feet of PCs suffer damage from XPQ radiation (thanks to that special new chipset!)"

And of course, cattle will just wallow into stores and buy it without giving more thought than whether it comes with a shiny, candy-like button.

It almost seems like the big companies are doing everything they can to make Orwell's book "Nineteen Eighty-Four" come true. They want total control over what everyone does with their copy of some software, music or a movie. It'll be only a matter of time before some big company proposes tracking every single individual in a country. Hang on, I seem to recall this already having been proposed in a similar form...

So, what are we going to decide? Will we allow the big companies (the 'Party') to take away all of our freedoms one by one? Today fair-use, tomorrow anonymity?

It sounds to me like this would be the ideal time to use the united force of all people around the world who value their freedom to fight the sickening proposals being made by those who stand above the possible effects of their ideas.

Certainly, this technology might be useful in certain situations, but it should never be used to limit the freedom of the individual.
Are we willing to sacrifice our freedom for the sake of the profits of the 'entertainment' industry? It would hardly surprise me if after a successful introduction of TCPA, the number of sold CDs/movies and the profits made on movies in theatres would rapidly decrease, instead of rise, like they did before the introduction of TCPA (profits made by the entertainment industry have continued to rise in the past few years, despite the doubling of the number of sold illegal CDs and the exponential growth of P2P software over 2001).

I propose that we, the people, make our final stand here and let utter defeat be the fate of our opponent(s).

I've noticed one particularly transparent piece of FUD in the propaganda released by Microsoft: They claim that Palladium will eliminate SPAM. This is totally false, it cannot possibly prevent SPAM any better than existing technological solutions. The press release doesn't give a lot of technical details, but based on the wording and the nature of DRM/Crypto technology, it seems that Palladium can do one of two things:

Automatically drop incoming mail not cryptographically signed by a user in the address book of the recipient.

Only allow mail from users in Microsoft's Passport database. Spammers are simply removed from the database, preventing them sending mail to Palladium protected machines.

The first method is similar to what ICQ-like programs do, but ICQ was not designed to facilitate one-off messages from unexpected people. For example, all businesses have to have "open" email addresses, as do a lot of other people, including students and faculty, and so forth.

The second method might seem superior at first glance, but requires perfect security in both the central database and every client machine that stores a digital ID locally. I think that that is going to be most unlikely. We all know that spammers will find it all too easy to create fake IDs, steal the IDs of innocent home users who think a firewall is a sheet of insulation used to stop a fire in a building, and generally make a mockery of Palladium.
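The first of the two filtering rules above (drop anything not signed by someone already in the recipient's address book) can be modelled in a few lines, which makes the objection in the post concrete: a forged message from a known contact is dropped, but so is every legitimate first contact from a stranger. This is an added example and not code from the post or from Microsoft's proposal; it uses an HMAC with a per-contact shared key (from the Python standard library) as a stand-in for a public-key signature, and the address book and inbox are constructed sample data.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    sender: str  # claimed From: address
    body: str
    tag: str     # hex authenticator over sender + body; "" when unsigned


def sign(key, sender, body):
    """Authenticate sender and body with the contact's key.

    HMAC-SHA256 stands in for a real signature so the example runs offline;
    the filtering logic below is the same either way.
    """
    return hmac.new(key, f"{sender}\n{body}".encode(), hashlib.sha256).hexdigest()


def classify(address_book, msg):
    """Apply the whitelist rule: only a known sender with a valid tag gets in."""
    key = address_book.get(msg.sender)
    if key is None:
        # This branch is the problem the post describes: a genuine
        # stranger (new customer, prospective student) is indistinguishable
        # from a spammer, so the rule drops both.
        return "dropped: sender not in address book"
    expected = sign(key, msg.sender, msg.body)
    if not msg.tag or not hmac.compare_digest(expected, msg.tag):
        # A spammer can forge the From: header but not the tag.
        return "dropped: bad or missing signature"
    return "accepted"


def filter_inbox(address_book, inbox):
    """Return [(sender, verdict), ...] in inbox order."""
    return [(m.sender, classify(address_book, m)) for m in inbox]


# Constructed address book: two contacts the recipient already knows.
ADDRESS_BOOK = {
    "alice@example.com": b"alice-shared-key",
    "bob@example.com": b"bob-shared-key",
}

# Constructed inbox covering the cases that matter.
INBOX = [
    # Known contact, properly signed.
    Message("alice@example.com", "Lunch on Friday?",
            sign(b"alice-shared-key", "alice@example.com", "Lunch on Friday?")),
    # Spammer forging Alice's address with a garbage tag.
    Message("alice@example.com", "Cheap pills!!!", "00" * 32),
    # Known contact who sent plain, unsigned mail.
    Message("bob@example.com", "Invoice attached", ""),
    # Legitimate first contact from someone not in the address book.
    Message("newcustomer@example.org", "I'd like a quote for 500 units", "deadbeef"),
]


if __name__ == "__main__":
    for sender, verdict in filter_inbox(ADDRESS_BOOK, INBOX):
        print(f"{sender:26s} {verdict}")
```

Running it shows one accepted message and three drops; the last drop is the legitimate quote request, which is exactly why a business with an "open" address cannot adopt the rule.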

It says Palladium will only run "authorized" applications. How hard is it going to be to hack the authorization code into any Open Source program? Maybe someone can make an authorization library anyone can include in their project.

palladium CAN definitively be circumvented. Maybe a mod chip will be required to avoid querying the palladium chip, but it's just hardware. A few days ago I posted a comment [slashdot.org] here on slashdot, which generated a nice amount of discussion about that.

I understand now that if it's about public key cryptography on the chip it will definitively be a tough job to circumvent it. But it has to be done, no matter if it's illegal under the DMCA.

Some 30 years ago it was illegal for people with skin color different from white to sit in front of a bus. It was the law. Was it right to obey that law?

Mod me down as a troll, mod me down as useless. But I say that it is time to embrace our cyber weapons, our mind, our smartness, and fight out all those absurd laws - by disobeying them. No reason to fight back, definitively not in a court. The best ways to do that are:

don't buy motherboards with palladium chips on it

advise your company not to buy any more microsoft products; instead, to donate a tenth of what they would pay microsoft to open source developers to improve GPL-based software.

boycott Microsoft: don't buy their products, or if they are required, give them away for free. USE COPIES, make them lose revenue on that. Yes it's illegal. But they cannot be stopped legally.

use your brain to find new, better ways to circumvent their protections: being that an 'activation code' or any authoritative chip itself

I know I do sound trollish, but I do firmly think it's time to fight back against that. A law is supposed to protect the people - not the corporations!

last thought - if Palladium gets introduced in the US, and all vendors apply it, and the DMCA makes it illegal to circumvent it... do you, GNU users in the United States of America, really want those laws to block your creativity and your freedom? Do you know that other countries will probably not introduce anything like the DMCA, nor implement Palladium? Do you really want to be left alone in a world that will improve GNU systems, stuck on stupid law questions?

The entire system, even with Fritz in the CPU, absolutely depends on the single private key: The one required by Fritz to boot the machine. And there is another key, the one used to sign the trusted software.

Frankly, I think it HIGHLY unlikely that one of these keys won't be uncovered, either by an insider or by a large distributed cracking project. And once a key is out, ALL THE MACHINES CAN USE IT TO BYPASS PALLADIUM.

MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.

... and eminently unprogrammable, in the common meaning of the word that it has had since the dawn of computer science. It appears Microsoft has completely forgotten what actually has made computers as powerful as they are. My gut tells me that this too shall pass.

Hasn't this sort of hardware solution cratered dismally just recently? How does Palladium differ from Intel's Pentium!!! serial number debacle?

Why does Bin Gates think his effort will fly when Intel's didn't? People just won't buy his stuff any more than they did Intel's! This is a market economy -- people vote with their dollars [euros,yen,etc].

I don't think it will succeed, but you specifically made it sound like this was an MS only move; when in fact it wasn't an MS only move, it's a pretty wide industry consortium.

On top of that, there are many reasons that it may or may not succeed, given in the FAQ.

ISN was useless - it offered NO VALUE yet had the potential to cost quite a bit in terms of privacy. That's bad - adding new costs without providing value. The FAQ talks about how MS and others will attempt to bundle value to offset the implications and costs associated with the costs.

It's pretty straightforward, and covered really well in the FAQ. Maybe it will fail. But you should at least be able to see the argument MS puts forth.

I almost spewed up my iced mocha latté when I read the opening paragraph of the article:

In ancient Troy stood the Palladium, a statue of the goddess Athena. Legend has it that the safety of the city depended on that icon's preservation.

Even someone with the most rudimentary liberal arts education knows what happened to Troy and the Trojans, right? No? Well, here are the relevant parts of Homer's Iliad [tufts.edu] and Vergil's Aeneid [tufts.edu] boiled down into one paragraph:

The Greeks went to war against the Trojans because one of their kings' wife, Helen, skipped town to hop in the sack with a Trojan prince. The war went on for about ten years or so with no clear victory in sight for either side. Finally, however, the Greek soldier Odysseus (a.k.a. Ulysses) hatched a clever plan--the Greeks would build a huge, wheeled wooden horse and offer it to the Trojans as a sign of surrender. Unbeknownst to the Trojans, however, Odysseus and a crack team of Greek soldiers would be holed up in the horse's body. Lo and behold, the Trojans accepted the horse and opened the gates to let it in. That night, Odysseus and his posse got down and started kicking some serious Trojan ass from inside the city. In fact, the shrine of Pallas Athena (the Palladium in question) was where the Trojan king Priam and his remaining family members took refuge. But it didn't matter; the Greeks came in and slaughtered them.

Three thousand-odd years later, the term "Trojan horse [tuxedo.org]" has taken on a special meaning in tech jargon. Perhaps whichever marketing dweeb at Microsoft came up with the name "Palladium" for a security product should have paid more attention in that world literature class.

The SOURCE code which shouldn't be in a vulnerable place on the server anyway.

They belong and should reside on development machines and on distribution servers which use MD5 to verify the veracity of the sacrosanct code. Like they do now!

If M$ minions think that this will give them a lever to oust the Linux community, they'd better look again. If they think somebody will hand them the keys to the kingdom and say sure, you decide who we should trust, when nobody trusts them, they must be listening only to their own lawyers argue at the anti-trust trial.

The http protocols are open source. The whole infrastructure is open-source.

Unix/Linux servers number in the millions and serve over half the web.

There are 25,000,000 Mac OS 6..9.x and X users out there. There are 25,000,000 Unix and Linux boxes out there. As much as M$ might want to try, they can't balkanize the 'Net that way. There is NO possible excuse for suddenly locking out 50 million users.

Nobody's gonna buy it. The class-action lawsuits, the criminal investigations, will begin before we even have a total count of the clients, servers and hosts.

Too many systems would suddenly go missing for it to go unnoticed. You can't sneak this one under the radar and hope the Justice Department won't notice.

This is not something that businesses and politicians can rally around. Especially given the fact that it would be so fuckin' obvious that not even a lawyer could deny it. Well okay. Maybe a lawyer could deny it, they can deny that the earth goes around the sun, but getting a judge to buy that argument would be a real stretch.

That would launch an anti-trust suit by people with serious weaponry since the many police and military sites would suddenly become unreachable. And when these people don't trust you, they tend to shoot.

Redmond might not become a smoking crater but it would certainly become a ghost town.

Suppose you want to bypass the whole thing by setting up a virtual machine to run your very own user environment? The virtual machine COULD be registered with the "thought police," but the apps it runs need not be.

Within a virtual machine, you could run and store whatever file formats you want, and it would be transparent to the host operating system.

You could run one virtual machine or a host of them, depending on your needs or desires.

Stuff that comes to mind immediately is the Java VM and VMWARE. With both of those, the host operating system (and hardware) has NO idea what you're doing. In fact, I used to run Windows 2000 within a VMWARE session (under Linux) because that configuration was more stable than running Windows on the hardware alone.

This amounts to using Palladium precisely for what it was designed to do. The fact that you can run the world's largest trojan horse under it means nothing, for all it would see is a large program.

The whole Palladium concept relies on trust and cooperation between hardware and software vendors. If there is one company that should not be leading a project like this, it's Microsoft. How long will it be before the anti-GPL features of Palladium are redirected against Microsoft's competitors? Are the non-M$ software companies really that stupid? How long before certain hardware manufacturers achieve "most favored" status at the expense of their competitors? Considering how the "M$ trust deficit" helped kill Hailstorm, I wonder how they think something like Palladium will fly.

The only sure winner in this scheme is Microsoft, and for that reason alone, the rest of the industry has to rally against it. If this ever comes to pass, I can think of more than a few software companies that I can short-sell as part of my "Palladium early retirement" plan.

Maybe that's how to kill Palladium. Have some geek-friendly organization develop the "Palladium 500", a list of 500 companies that may be hurt by Palladium, so as to trigger a short-selling festival if this nonsense ever gets off the ground. The mere existence of such a list would serve as a wake up call to those who are in a better position to help with the political and financial issues. Believe me, any CEO whose company is on a list of targeted short-sellers is going to scream loudly. Would you buy stock in a high-tech company if a bunch of geeks was preparing to sell short? The beauty of this plan is that no one has to actually short any of the stocks, the mere existence of a list would do the trick.

"A lot of it comes down to the fact that consumers just don't feel secure using the Internet for their critical transactions," Douglas said. "Gates has realized that unless trust can be built into these systems, the ultimate abilities of the Internet are never going to be realized."

I don't see what any of this has to do with people trusting the internet for transactions. How can I trust my transactions any more than I can trust it now with an SSL based system? Ok, so under Palladium I would know that my Netscape binary has been reviewed and was trusted. But I pretty much believe that already. That's not the reason people don't trust internet transactions.

One thing I find interesting about this proposal is that it requires some level of code review before release of any software. All source would need to be submitted to a third party to ensure that the code can be trusted. That sounds like quite a mess to me.

All users: business, personal, educational, etc. should sign a petition and affirm that they will adamantly refuse to do business with hardware and software companies that support this latest attempt at a Microsoft market stranglehold.

LET THE INDUSTRY KNOW CLEARLY THAT WE REJECT THIS AND IT WILL COST THEM DEARLY IF THEY SUPPORT IT.

I will be the first: Netgraft Corporation will NOT do business with any developers who produce hardware that supports Palladium, any distributor that sells Palladium-scheme hardware, any software vendor which utilizes Palladium hardware, and any company which does business on the Palladium platform.

If someone starts such a project to collect these names, please contact me.

to Palladium-enabled (cough) devices? What if AMD or Cyrix decided to maintain the status quo and keep on manufacturing x86 chips. Or even migrate the x86 onwards and upwards but in a non-Palladium way?

The downside of this would be that the incompatibility issues between MS and GPL would be magnified. However there are upside issues too. The consumer, when informed that their CDs won't let them make mp3s of the music they just bought would be more likely to move to a GPL solution. The CDs which are incompatible with GPL might become less desirable. EU companies, outside the authority of US legal issues could mine out a larger niche in the market.

In fact, I see a much larger role for EU in open source projects as a result of the short-sighted efforts of US legislation (patents, etc.).

Someone pointed out that they doubt the GPL is Microsoft's primary target -- that if that were the case Palladium is simply overkill. This is a good observation and I wanted to add to it. While Palladium potentially has very negative consequences for not only Open Source / Free Software but all software in general, Microsoft wins on several fronts with this approach. You might remember that Microsoft openly opposed the so-called Hollings Bill that would mandate this kind of technology. Why? Because while it would have similar results (actually the bills proposed would be more broad) the power would be in the hands of the lawmakers and more importantly in the hands of the copyright holders -- the movie and record industry. By pushing their own solution, rather than a legal one, Microsoft maintains control of the technology. To the legislators, they seem like the "good" guys (despite the monopoly convictions [how long before we finally punish these criminals?!]) and Microsoft will also get the backing of "Hollywood." It's about gaining the upper hand. They know that there are forces out there that want this kind of technology, however, it's in Microsoft's best interest to be the "innovators" and have everyone fall in line under their proposal. I think this is the real motivation -- it further secures their position as the dominant market leader. No one will want Microsoft to go away if they hold the keys to your security -- all your information, your applications, everything is in their hands. So not only does Microsoft become indispensable, but they also get to screw over the competition (which includes GPLed applications as the article points out). While security and "trustworthy" computing are nice ideas, Microsoft is the LAST company I want to hand over this kind of control to.

Yes, and as it seems based on the article, Intel is making another mistake (AMD is in MS possession (or influence) already so AMD is forced).

Let's say, in my case Intel will lose 200-300 (all what's possible Intel) PCs yearly. But then again I'm only one. I will just move my business to the first quality non-DRM platform (and if that's Apple then Apple it will be (god I'm proud I wanted my business as platform independent as possible)).

But to state my case more clearly, if there is 1000 resellers as I am, it will be a significant market loss. Anyone remember CPU number?

serialize the data to plain ascii. I assume no software can restrict taking stuff out of binary documents, and then sending that flat data to a friend

The Fritz chip will prevent any non-[MS|RIAA|MPAA]-approved software from accessing a protected document. And in the Palladium/Fritz scheme, to get [MS|RIAA|MPAA] approval the application will not be allowed to have a useful "save" option.

Of course, maybe all you need is a single "buggy" but approved application to get around all this.